A Ukrainian man, who was arrested in a Turkish nightclub, allegedly was selling credit card information stolen during the massive security breach at TJX, the parent company of retailer T.J. Maxx.

Doug Bem, an inspector with the U.S. Postal Inspection Service, told InformationWeek that Maksym Yastremskiy, who is believed to be in his mid-20s, has been taken into custody in Turkey. And "discussions" are under way about extraditing him to the United States.

"He's an individual who a number of federal agencies have had on their radar screen for some time," said Bem. "It appears he is the largest individual seller of card data that traces back to the TJX breach. ... This is a significant opportunity."

Bem added that the authorities don't have any information that leads them to believe Yastremskiy actually broke into the TJX network and stole the information himself. Yastremskiy allegedly was a major reseller.

The theft at TJX, which is also the parent company of retailers like Marshalls and HomeGoods, was reportedly the largest customer data breach on record. Earlier this year, the company announced the loss of more than 45 million credit and debit card numbers that were stolen from its IT systems over an 18-month period. It's considered to be the largest customer data breach on record. Last week, TJX reported in its second-quarter earnings that the company had to absorb a $118 million charge related to the massive security breach. For the second quarter, which ended July 28, the breach cost 25 cents per share -- 10 times more than the 2 cents to 3 cents company executives estimated just three months ago.

In May, the company announced in its first quarterly earnings statement that it took a $12 million hit, or 3 cents per share. TJX earlier had recorded a fourth-quarter charge of about $5 million for similar costs related to the security breach. That means at the end of this last quarter, the breach has already cost the company $135 million.

Because of the breach, TJX was hit this past April with a class-action lawsuit seeking "tens of millions of dollars." The Massachusetts Bankers Association, which represents 207 financial institutions, announced that it filed the suit in federal court in Boston.